
Evan Summers

Evan Summers lives in Cape Town and plays Java, PostgreSQL and Linux. Most interested in crypto, systems monitoring and BI right now. Past interests include Swing, and future interests include mobi web.

We consider client devices (e.g. Android) connecting to a Java server for secure networking. Say we have stringent authentication requirements, and so decide to use client-authenticated SSL sockets, using self-signed client certificates.
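The server side of that arrangement, as an added example that is not code from the original article. With self-signed client certificates there is no CA to chain to, so each client certificate is imported directly as a trusted entry into the server's trust store, and the server must require (not merely request) a client certificate. The keystore file names and the password are hypothetical placeholders.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

public class ClientAuthServer {

    // Assumed, hypothetical files: server.jks holds the server's own key pair;
    // clients.jks holds each self-signed client certificate as a trusted entry
    // (e.g. imported with "keytool -importcert"). The password is a placeholder.
    static final String SERVER_KEYSTORE = "server.jks";
    static final String CLIENT_TRUSTSTORE = "clients.jks";
    static final char[] PASSWORD = "changeit".toCharArray();

    static SSLContext buildContext() throws Exception {
        // Our identity: the server certificate and private key.
        KeyStore keyStore = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(SERVER_KEYSTORE)) {
            keyStore.load(in, PASSWORD);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, PASSWORD);

        // Whom we trust: exactly the client certificates we imported, nothing else.
        // A self-signed certificate is its own trust anchor, so the default PKIX
        // trust manager accepts a client presenting one of these and rejects all others.
        KeyStore trustStore = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(CLIENT_TRUSTSTORE)) {
            trustStore.load(in, PASSWORD);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        SSLServerSocket server =
                (SSLServerSocket) buildContext().getServerSocketFactory().createServerSocket(8443);
        // Require a client certificate. setWantClientAuth(true) would let a client
        // with no certificate through, which defeats the purpose here.
        server.setNeedClientAuth(true);
        while (true) {
            SSLSocket socket = (SSLSocket) server.accept();
            try {
                socket.startHandshake(); // fails here if the client cert is absent or untrusted
                X509Certificate clientCert =
                        (X509Certificate) socket.getSession().getPeerCertificates()[0];
                // The subject of the presented certificate is now the authenticated identity.
                System.out.println("authenticated client: " + clientCert.getSubjectX500Principal());
                socket.getOutputStream().write("hello\n".getBytes("UTF-8"));
            } catch (SSLException e) {
                System.err.println("rejected client: " + e.getMessage());
            } finally {
                socket.close();
            }
        }
    }
}
```

Because every trusted client certificate sits in clients.jks, revoking a device means deleting its entry and reloading the context; there is no CRL or OCSP to consult, which is a real operational cost of skipping a CA.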

In 2013, I was a Linux sysadmin, PostgreSQL DBA, and erstwhile Java developer for a payment switching company, which was preparing for its first PCI assessment. Besides securing and virtualising its infrastructure - with KVM, virtual firewalls, and ssh forced commands - which kept me quite busy, there was this PCI requirement for "dual control" and "split knowledge" which was a show-stopper.

This provides a long overdue update to "Password Hash" from the Enigma Prequels (2007), which neglected to add salt, which is embarrassing for whoever wrote that article... which was unfortunately me.

We present a minuscule Millis utility class for handling intervals, in milliseconds, not least because we record timestamps as per System.currentTimeMillis, i.e. the number of milliseconds since the Unix epoch. As such we can skirt around the issue of the time as seen on clocks, with their time zones and calendars and what-not.

Last time we introduced the trivial namesake Timestamped interface, and used the excellent ArrayDeque of Java 6 to collect such things, imposing a time-based capacity and some external synchronization. Now let's test this with some threads.
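An added example, not the article's own code, that puts the two preceding pieces together: a small Millis helper for intervals in milliseconds, a Timestamped interface, and an ArrayDeque wrapper with a time-based capacity whose external synchronization is done with synchronized methods, exercised from several threads. The Event class, the class and method names, and the sample timestamps are all constructed for this demo; the wrapper assumes entries arrive in non-decreasing timestamp order, so the head of the deque is always the oldest entry.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;

public class TimestampedDequeDemo {

    /** Anything that records when it happened, as millis since the Unix epoch. */
    public interface Timestamped {
        long getTimestamp();
    }

    /** Tiny interval helper so capacities read as durations rather than bare numbers. */
    public static final class Millis {
        private Millis() {}
        public static long fromSeconds(long seconds) { return seconds * 1000L; }
        public static long fromMinutes(long minutes) { return fromSeconds(minutes * 60L); }
        public static long elapsed(long sinceMillis) { return System.currentTimeMillis() - sinceMillis; }
        public static boolean isOlderThan(long timestampMillis, long intervalMillis) {
            return elapsed(timestampMillis) > intervalMillis;
        }
    }

    /** Sample entry type, constructed for this demo. */
    public static final class Event implements Timestamped {
        private final long timestamp;
        private final String name;
        public Event(long timestamp, String name) { this.timestamp = timestamp; this.name = name; }
        public long getTimestamp() { return timestamp; }
        public String getName() { return name; }
    }

    /**
     * ArrayDeque with a time-based capacity: entries older than the interval are
     * dropped from the head. ArrayDeque itself is not thread-safe, so every access
     * goes through a synchronized method; that is the external synchronization.
     */
    public static class TimestampedDeque<T extends Timestamped> {
        private final Deque<T> deque = new ArrayDeque<T>();
        private final long capacityMillis;

        public TimestampedDeque(long capacityMillis) { this.capacityMillis = capacityMillis; }

        public synchronized void add(T item) {
            deque.addLast(item);
            evictExpired();
        }

        public synchronized int size() {
            evictExpired();
            return deque.size();
        }

        public synchronized T peekOldest() {
            evictExpired();
            return deque.peekFirst();
        }

        private void evictExpired() { // caller holds the lock
            while (!deque.isEmpty()
                    && Millis.isOlderThan(deque.peekFirst().getTimestamp(), capacityMillis)) {
                deque.removeFirst();
            }
        }
    }

    public static void main(String[] args) throws Exception {
        final TimestampedDeque<Event> events = new TimestampedDeque<Event>(Millis.fromMinutes(1));
        long now = System.currentTimeMillis();
        // Stale entries stamped two minutes ago fall outside the one-minute window.
        for (int i = 0; i < 5; i++) {
            events.add(new Event(now - Millis.fromMinutes(2), "stale-" + i));
        }
        System.out.println("after stale seeds: size=" + events.size());
        // Hammer the deque from several threads with current timestamps.
        final int threads = 8, perThread = 1000;
        ExecutorService pool = Executors.newFixedThreadPool(threads);
        for (int t = 0; t < threads; t++) {
            final int id = t;
            pool.submit(new Runnable() {
                public void run() {
                    for (int i = 0; i < perThread; i++) {
                        events.add(new Event(System.currentTimeMillis(), "t" + id + "-" + i));
                    }
                }
            });
        }
        pool.shutdown();
        pool.awaitTermination(30, TimeUnit.SECONDS);
        // With correct locking no update is lost: size equals threads * perThread.
        System.out.println("size=" + events.size() + " expected=" + (threads * perThread));
        System.out.println("oldest=" + events.peekOldest().getName());
    }
}
```

If you drop the synchronized keyword from add() and size(), the final size will typically come out short or the run will throw from inside ArrayDeque, which is the quickest way to see why the external synchronization is not optional.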